From b5145809b1bb8d9aae0647c703b43aec68821fbb Mon Sep 17 00:00:00 2001 From: Yi Chen Date: Thu, 13 Nov 2025 15:28:51 +0800 Subject: [PATCH] tests: shell: add packetpath test for meta time expression. v2: - Switched to range syntax instead of two matches as suggested by Phil. Signed-off-by: Yi Chen Reviewed-by: Phil Sutter Signed-off-by: Florian Westphal --- .../packetpath/dumps/meta_time.nodump | 0 tests/shell/testcases/packetpath/meta_time | 79 +++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 tests/shell/testcases/packetpath/dumps/meta_time.nodump create mode 100755 tests/shell/testcases/packetpath/meta_time diff --git a/tests/shell/testcases/packetpath/dumps/meta_time.nodump b/tests/shell/testcases/packetpath/dumps/meta_time.nodump new file mode 100644 index 00000000..e69de29b diff --git a/tests/shell/testcases/packetpath/meta_time b/tests/shell/testcases/packetpath/meta_time new file mode 100755 index 00000000..67b37f4e --- /dev/null +++ b/tests/shell/testcases/packetpath/meta_time @@ -0,0 +1,79 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_meta_time) + +. $NFT_TEST_LIBRARY_FILE + +gen_in_range_minute() +{ + echo $(date -d "-5 minutes" +%H:%M)-$(date -d "+5 minutes" +%H:%M) +} + +gen_out_of_range_minute() +{ + echo $(date -d "+2 minutes" +%H:%M)-$(date -d "+5 minutes" +%H:%M) +} + +gen_in_range_hour() +{ + echo $(date -d "-2 hours" +%H:%M)-$(date -d "+2 hours" +%H:%M) +} + +gen_out_of_range_hour() +{ + echo $(date -d "+1 hours" +%H:%M)-$(date -d "+2 hours" +%H:%M) +} +gen_in_range_day() +{ + #meta day "Sunday"-"Tuesday" + echo \"$(date -d "-1 days" +%A)\"-\"$(date -d "+1 days" +%A)\" +} +gen_out_of_range_day() +{ + echo \"$(date -d "-2 days" +%A)\"-\"$(date -d "-1 days" +%A)\" +} + +gen_in_range_time() +{ + echo \"$(date -d "-1 years +10 days" +%G-%m-%d" "%H:%M:%S)\"-\"$(date -d "+2 days" +%G-%m-%d" "%H:%M:%S)\" +} + +gen_out_of_range_time() +{ + echo \"$(date -d "+10 seconds" +%G-%m-%d" "%H:%M:%S)\"-\"$(date -d "+20 seconds" +%G-%m-%d" "%H:%M:%S)\" +} + +$NFT -f - <<-EOF +table ip time_test { + counter matched {} + counter unmatch {} + chain input { + type filter hook input priority filter; policy accept; + iifname lo icmp type echo-request meta hour $(gen_in_range_hour) counter name matched + iifname lo icmp type echo-request meta hour $(gen_out_of_range_hour) counter name unmatch + iifname lo icmp type echo-request meta hour $(gen_in_range_minute) counter name matched + iifname lo icmp type echo-request meta hour $(gen_out_of_range_minute) counter name unmatch + iifname lo icmp type echo-request meta day $(gen_in_range_day) counter name matched + iifname lo icmp type echo-request meta day $(gen_out_of_range_day) counter name unmatch + iifname lo icmp type echo-request meta time $(gen_in_range_time) counter name matched + iifname lo icmp type echo-request meta time $(gen_out_of_range_time) counter name unmatch + } +} +EOF +assert_pass "restore meta time ruleset" + +nft add rule ip time_test input ip protocol icmp meta hour \"24:00\"-\"4:00\" 2>/dev/null +assert_fail "Wrong time format input" +nft add rule ip time_test input ip protocol icmp meta hour \"-2:00\"-\"4:00\" 2>/dev/null +assert_fail "Wrong time format input" + +ip link set lo up +ping -W 1 127.0.0.1 -c 1 +assert_pass "ping pass" + +$NFT list counter ip time_test matched | grep 'packets 4' +assert_pass "matched check" +$NFT list counter ip time_test unmatch | grep 'packets 0' +assert_pass "unmatch check" +$NFT delete table ip time_test +assert_pass "delete table" -- 2.47.3